Vulnerability Note VU#408419

OpenSSH contains a one-off overflow of an array in the channel handling code

Original Release date: 07 Mar 2002 | Last revised: 02 Apr 2002

Overview

OpenSSH is a program used to provide secure connections and communications between clients and servers. Channels are used to segregate different kinds of traffic between the client and the server.

Description

OpenSSH versions 2.0 - 3.0.2 contain a one-off (off-by-one) overflow of an array in the code that handles channels. To exploit this vulnerability against the server, the attacker must be able to authenticate to the system. For an attack against the client, the client must connect to a malicious server.

Impact

An attacker is able to execute arbitrary code with the privileges of the sshd process on the server. The sshd process usually runs as root/superuser. A malicious server is able to execute arbitrary code on the vulnerable client's machine with the privileges of the current user.

Solution

Upgrade to OpenSSH version 3.1.
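
To find hosts that still need the upgrade, the SSH identification banner can be compared against the affected range given above. The following is an added example, not part of the original note or of OpenSSH; the function names, labels and sample inventory are constructed for illustration.

```python
import re

# Affected range as stated in this advisory: OpenSSH 2.0 through 3.0.2 (fixed in 3.1).
FIRST_AFFECTED = (2, 0, 0)
LAST_AFFECTED = (3, 0, 2)

# SSH identification string: "SSH-<protoversion>-<softwareversion> [comments]".
# Portable builds append a suffix such as "p1" to the OpenSSH version.
BANNER_RE = re.compile(r"^SSH-\d+\.\d+-OpenSSH[_-](\d+(?:\.\d+){1,2})")


def parse_openssh_version(banner):
    """Return the OpenSSH version as a 3-tuple, or None if the banner is not OpenSSH."""
    match = BANNER_RE.match(banner.strip())
    if match is None:
        return None
    parts = [int(p) for p in match.group(1).split(".")]
    parts += [0] * (3 - len(parts))  # "3.1" -> (3, 1, 0)
    return tuple(parts)


def classify(banner):
    """Label a banner relative to the advisory's affected range."""
    version = parse_openssh_version(banner)
    if version is None:
        return "unknown"
    if FIRST_AFFECTED <= version <= LAST_AFFECTED:
        # The banner shows the upstream version only; a vendor fix shipped under
        # the same version string still lands here, so confirm with the vendor.
        return "in-affected-range"
    return "outside-range"


def triage(inventory):
    """Return hosts whose banner falls in the affected range, sorted by host."""
    return sorted(h for h, b in inventory if classify(b) == "in-affected-range")


# Constructed sample inventory (documentation addresses, made-up banners).
SAMPLE_INVENTORY = [
    ("192.0.2.10", "SSH-1.99-OpenSSH_3.0.2p1"),
    ("192.0.2.11", "SSH-2.0-OpenSSH_3.1p1"),
    ("192.0.2.12", "SSH-1.99-OpenSSH_2.9p2"),
    ("192.0.2.13", "SSH-1.5-OpenSSH_1.2.3"),
    ("192.0.2.14", "SSH-2.0-ExampleSSHD_1.0"),
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(host, "needs upgrade or vendor-fix confirmation")
```

A banner in the affected range is a prompt to check the installed package against the vendor's advisory, not proof that the host is unpatched.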

Systems Affected

Vendor                Status    Date Notified  Date Updated
Apple                 Affected  07 Mar 2002    11 Mar 2002
BSDI                  Affected  07 Mar 2002    08 Mar 2002
Caldera               Affected  07 Mar 2002    02 Apr 2002
Conectiva             Affected  -              07 Mar 2002
Engarde               Affected  07 Mar 2002    07 Mar 2002
Hewlett Packard       Affected  07 Mar 2002    27 Mar 2002
MandrakeSoft          Affected  07 Mar 2002    07 Mar 2002
NETBSD                Affected  07 Mar 2002    13 Mar 2002
OpenBSD               Affected  07 Mar 2002    07 Mar 2002
OpenPKG               Affected  -              11 Mar 2002
OpenSSH               Affected  -              07 Mar 2002
Openwall GNU/*/Linux  Affected  -              18 Mar 2002
Red Hat               Affected  07 Mar 2002    11 Mar 2002
SCO                   Affected  07 Mar 2002    13 Mar 2002
Sun                   Affected  07 Mar 2002    07 Mar 2002

If you are a vendor and your product is affected, let us know.

CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A N/A

Credit

This vulnerability was discovered by Joost Pol <joost@pine.nl>.

This document was written by Jason Rafail.

Other Information

  • CVE IDs: CAN-2002-0083
  • Date Public: 07 Mar 2002
  • Date First Published: 07 Mar 2002
  • Date Last Updated: 02 Apr 2002
  • Severity Metric: 25.65
  • Document Revision: 7
